From cf2a989d771b73ec61ed4bbbc4b7c4dbc5f0d4d2 Mon Sep 17 00:00:00 2001
From: Simon Deziel
Date: Thu, 19 Oct 2023 23:50:29 -0400
Subject: [PATCH] daemon.start: stop disabling Apparmor restrictions on unpriv userns/unconfined

Those restrictions are not enabled in 23.10 so LXD no longer need to force disable them. If they are enabled, it means the user opted into it, probably for testing the features, in which case LXD shouldn't undo the user's decision.

Signed-off-by: Simon Deziel
---
 snapcraft/commands/daemon.start | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/snapcraft/commands/daemon.start b/snapcraft/commands/daemon.start
index ac944cae1..8622927bd 100755
--- a/snapcraft/commands/daemon.start
+++ b/snapcraft/commands/daemon.start
@@ -424,20 +424,6 @@ if [ "$(stat -c '%u' /proc)" = 0 ]; then
 echo 1 > /proc/sys/kernel/unprivileged_userns_clone || true
 fi
 fi
-
- if [ -e /proc/sys/kernel/apparmor_restrict_unprivileged_userns ]; then
- if [ "$(cat /proc/sys/kernel/apparmor_restrict_unprivileged_userns)" = "1" ]; then
- echo "==> Disabling Apparmor unprivileged userns mediation"
- echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_userns || true
- fi
- fi
-
- if [ -e /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined ]; then
- if [ "$(cat /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined)" = "1" ]; then
- echo "==> Disabling Apparmor unprivileged unconfined mediation"
- echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined || true
- fi
- fi
 fi

 # Setup CRIU